Analyzing android application in real-time at kernel level

Hao Ruan, Xiao Fu, Xuanyu Liu, Xiaojiang Du, Bin Luo

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

5 Scopus citations

Abstract

The wide spread of mobile devices has also caused explosive growth in malware. Application behavior analysis is a popular technique for fighting malware, but current app behavior analysis methods still have limitations. For example, many popular dynamic analysis methods are built on the Dalvik virtual machine and therefore cannot disclose the behavior of native code. VMI-based methods overcome this limitation, but they run in simulated environments, and malware can now detect where it is running and hide its illegal behavior with anti-forensic techniques. Considering these problems, we present DroidRevealer. It is based on kernel-level system-call monitoring and runs on real Android devices. By intercepting and interpreting certain file/network-related and Android-specific system calls, it reconstructs app behavior in real time. It is difficult to evade because it runs in the kernel, and its results do not focus on a single kind of behavior or a single app. Instead, it is data oriented: it monitors how the target data source is used. The result is presented as an intelligible graph that provides both a good basis for detection and crucial evidence for forensics. Experiments show that the performance of our method is acceptable.
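As an added illustration of the data-oriented idea described above (this is not DroidRevealer's code, and the trace format, process id and addresses are constructed), the following sketch interprets a kernel-level system-call trace, tracks which file descriptors refer to a target data source, and emits graph edges showing where bytes read from that source are later written. It deliberately over-approximates: any write by a process after it has read the target is attributed to the target.

```python
from collections import defaultdict

# Constructed trace lines in a hypothetical "<pid> <syscall> <args...> = <ret>" format.
TRACE = """\
1234 openat /data/data/com.example/databases/contacts.db = 5
1234 read 5 = 512
1234 socket AF_INET = 7
1234 connect 7 203.0.113.10:443 = 0
1234 write 7 = 512
1234 close 5 = 0
"""

def reconstruct_flows(trace, target):
    """Return {(source, sink): bytes} edges describing how data read from
    `target` is used, by following file descriptors per process."""
    fds = {}                  # (pid, fd) -> label of what the descriptor refers to
    tainted = set()           # pids that have read from the target data source
    edges = defaultdict(int)  # (source label, sink label) -> bytes written
    for line in trace.splitlines():
        head, ret = line.rsplit(" = ", 1)
        pid, call, *args = head.split()
        pid, ret = int(pid), int(ret)
        if call == "openat" and ret >= 0:
            fds[(pid, ret)] = args[0]                      # new fd -> path
        elif call == "socket" and ret >= 0:
            fds[(pid, ret)] = "socket"                     # unconnected socket
        elif call == "connect" and ret == 0:
            fds[(pid, int(args[0]))] = "net:" + args[1]    # socket -> remote endpoint
        elif call == "read" and ret > 0 and fds.get((pid, int(args[0]))) == target:
            tainted.add(pid)                               # process now holds target data
        elif call in ("write", "sendto") and ret > 0 and pid in tainted:
            sink = fds.get((pid, int(args[0])), "fd:" + args[0])
            edges[(target, sink)] += ret                   # graph edge: source -> sink
        elif call == "close":
            fds.pop((pid, int(args[0])), None)
    return dict(edges)
```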

Original language: English
Title of host publication: 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017
ISBN (Electronic): 9781509029914
State: Published - 14 Sep 2017
Event: 26th International Conference on Computer Communications and Networks, ICCCN 2017 - Vancouver, Canada
Duration: 31 Jul 2017 to 3 Aug 2017

Publication series

Name: 2017 26th International Conference on Computer Communications and Networks, ICCCN 2017

Conference

Conference: 26th International Conference on Computer Communications and Networks, ICCCN 2017
Country/Territory: Canada
City: Vancouver
Period: 31/07/17 to 3/08/17

Keywords

  • Behavior analysis
  • Dynamic analysis
  • Malware detection
  • Mobile forensics
